diff options
| author | Jorge Lucangeli Obes <jorgelo@google.com> | 2015-12-08 21:07:14 -0800 |
|---|---|---|
| committer | Jorge Lucangeli Obes <jorgelo@google.com> | 2015-12-09 13:28:13 -0800 |
| commit | 43e29b3551479dd6d989b830eacd1abbd83592cc (patch) | |
| tree | ee48a871ff2c83e74998caadbfe43579f6d12aee | |
| parent | b845b15da9d2611608b6492abebdb25e12b55c73 (diff) | |
| download | minijail-43e29b3551479dd6d989b830eacd1abbd83592cc.tar.gz | |
Add libminijail static library target.brillo-m8-releasebrillo-m8-dev
This will be used for statically-linked binaries on Android.
Also, fix the call to get_last_valid_cap() to only happen when we're
dropping capabilities.
Bug: 26099386
Change-Id: I741390b6b356592ec9bdfe54b04d23feab5702aa
| -rw-r--r-- | Android.mk | 31 | ||||
| -rw-r--r-- | libminijail.c | 8 |
2 files changed, 29 insertions, 10 deletions
@@ -15,8 +15,15 @@ LOCAL_PATH := $(call my-dir) -# Common variables +# Common variables. # ======================================================== +libminijailSrcFiles := \ + bpf.c \ + libminijail.c \ + signal_handler.c \ + syscall_filter.c \ + util.c + minijailCommonCFlags := -Wall -Werror minijailCommonSharedLibraries := libcap @@ -51,12 +58,7 @@ LOCAL_MODULE := libminijail LOCAL_CFLAGS := $(minijailCommonCFlags) LOCAL_CLANG := true -LOCAL_SRC_FILES := \ - bpf.c \ - libminijail.c \ - signal_handler.c \ - syscall_filter.c \ - util.c \ +LOCAL_SRC_FILES := $(libminijailSrcFiles) LOCAL_STATIC_LIBRARIES := libminijail_generated LOCAL_SHARED_LIBRARIES := $(minijailCommonSharedLibraries) @@ -64,6 +66,21 @@ LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH) include $(BUILD_SHARED_LIBRARY) +# libminijail static library for target. +# ======================================================== +include $(CLEAR_VARS) +LOCAL_MODULE := libminijail + +LOCAL_CFLAGS := $(minijailCommonCFlags) +LOCAL_CLANG := true +LOCAL_SRC_FILES := $(libminijailSrcFiles) + +LOCAL_STATIC_LIBRARIES := libminijail_generated +LOCAL_SHARED_LIBRARIES := $(minijailCommonSharedLibraries) +LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH) +include $(BUILD_STATIC_LIBRARY) + + # libminijail native unit tests. Run with: # adb shell /data/nativetest/libminijail_unittest/libminijail_unittest # ======================================================== diff --git a/libminijail.c b/libminijail.c index 6de6b6a..8b8100e 100644 --- a/libminijail.c +++ b/libminijail.c @@ -1145,10 +1145,12 @@ void set_seccomp_filter(const struct minijail *j) void API minijail_enter(const struct minijail *j) { /* - * Get the last valid cap from /proc, since /proc can be unmounted - * before drop_caps(). + * If we're dropping caps, get the last valid cap from /proc now, + * since /proc can be unmounted before drop_caps() is called. */ - unsigned int last_valid_cap = get_last_valid_cap(); + unsigned int last_valid_cap = 0; + if (j->flags.caps) + last_valid_cap = get_last_valid_cap(); if (j->flags.pids) die("tried to enter a pid-namespaced jail;" |